/**
 * \file sha2.h
 *
 *  Based on TropicSSL: Copyright (C) 2017 Shanghai Real-Thread Technology Co., Ltd
 *
 *  Based on XySSL: Copyright (C) 2006-2008  Christophe Devine
 *
 *  Copyright (C) 2009  Paul Bakker <polarssl_maintainer at polarssl dot org>
 *
 *  All rights reserved.
 *
 *  Redistribution and use in source and binary forms, with or without
 *  modification, are permitted provided that the following conditions
 *  are met:
 *
 *    * Redistributions of source code must retain the above copyright
 *      notice, this list of conditions and the following disclaimer.
 *    * Redistributions in binary form must reproduce the above copyright
 *      notice, this list of conditions and the following disclaimer in the
 *      documentation and/or other materials provided with the distribution.
 *    * Neither the names of PolarSSL or XySSL nor the names of its contributors
 *      may be used to endorse or promote products derived from this software
 *      without specific prior written permission.
 *
 *  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 *  "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 *  LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
 *  FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
 *  OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 *  SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
 *  TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
 *  PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 *  LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
 *  NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 *  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
#ifndef TINY_CRYPT_SHA2_H__
#define TINY_CRYPT_SHA2_H__

/**
 * \brief          SHA-256 context structure
 */
typedef struct {
    uint32_t total[2]; /*!< number of bytes processed  */
    uint32_t state[8]; /*!< intermediate digest state  */
    uint8_t buffer[64];   /*!< data block being processed */

    uint8_t ipad[64]; /*!< HMAC: inner padding        */
    uint8_t opad[64]; /*!< HMAC: outer padding        */
    int is224;      /*!< 0 => SHA-256, else SHA-224 */
} tiny_sha2_context;

#ifdef __cplusplus
extern "C" {
#endif

    /**
     * \brief          SHA-256 context setup
     *
     * \param ctx      context to be initialized
     * \param is224    0 = use SHA256, 1 = use SHA224
     */
    void tiny_sha2_starts(tiny_sha2_context * ctx, int is224);

    /**
     * \brief          SHA-256 process buffer
     *
     * \param ctx      SHA-256 context
     * \param input    buffer holding the  data
     * \param ilen     length of the input data
     */
    void tiny_sha2_update(tiny_sha2_context * ctx, uint8_t *input, int ilen);

    /**
     * \brief          SHA-256 final digest
     *
     * \param ctx      SHA-256 context
     * \param output   SHA-224/256 checksum result
     */
    void tiny_sha2_finish(tiny_sha2_context * ctx, uint8_t output[32]);

    /**
     * \brief          Output = SHA-256( input buffer )
     *
     * \param input    buffer holding the  data
     * \param ilen     length of the input data
     * \param output   SHA-224/256 checksum result
     * \param is224    0 = use SHA256, 1 = use SHA224
     */
    void tiny_sha2(uint8_t *input, int ilen,
          uint8_t output[32], int is224);

    /**
     * \brief          SHA-256 HMAC context setup
     *
     * \param ctx      HMAC context to be initialized
     * \param key      HMAC secret key
     * \param keylen   length of the HMAC key
     * \param is224    0 = use SHA256, 1 = use SHA224
     */
    void tiny_sha2_hmac_starts(tiny_sha2_context * ctx, uint8_t *key,
                  int keylen, int is224);

    /**
     * \brief          SHA-256 HMAC process buffer
     *
     * \param ctx      HMAC context
     * \param input    buffer holding the  data
     * \param ilen     length of the input data
     */
    void tiny_sha2_hmac_update(tiny_sha2_context * ctx, uint8_t *input,
                  int ilen);

    /**
     * \brief          SHA-256 HMAC final digest
     *
     * \param ctx      HMAC context
     * \param output   SHA-224/256 HMAC checksum result
     */
    void tiny_sha2_hmac_finish(tiny_sha2_context * ctx, uint8_t output[32]);

    /**
     * \brief          Output = HMAC-SHA-256( hmac key, input buffer )
     *
     * \param key      HMAC secret key
     * \param keylen   length of the HMAC key
     * \param input    buffer holding the  data
     * \param ilen     length of the input data
     * \param output   HMAC-SHA-224/256 result
     * \param is224    0 = use SHA256, 1 = use SHA224
     */
    void tiny_sha2_hmac(uint8_t *key, int keylen,
               uint8_t *input, int ilen,
               uint8_t output[32], int is224);

#ifdef __cplusplus
}
#endif
#endif              /* sha2.h */
